Public bug reported:
On upgrade from cosmic to disco, I get a debconf prompt from ca-
certificates:
New certificates to activate:
mozilla/GlobalSign_Root_CA_-_R6.crt
mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt
Neither of these two new certificates are selected by default.
Looking at the config script, I see that this question is being asked at
critical priority.
It also appears that this is only being asked because ca-
certificates/trust_new_crts is set to 'ask'. This is not a default
setting and I have no memory of setting this, but the debconf database
says this question has been seen. It's possible I did choose this
option at some point despite not having memory of it; though I worry
that since this is a continuously-upgraded system, something picked this
for me at some point in the past due to a bug.
But having decided for 'ask', the UX here is still pretty bad.
- If the package's recommendation (and default behavior) is to enable these
new certs on upgrade, then the debconf prompt should also have them
preselected. Otherwise, this prompt looks like something the package
maintainer is NOT recommending that you do, so then why prompt for it at all.
- Presenting only the certificate filenames is not a great basis for anyone
making a decision about whether or not to enable these certs. If I actually
wanted to manage which certs are enabled, in order to make an informed decision
I would expect to see things like the CN of the cert and possibly some EKU
information, not a filename.
** Affects: ca-certificates (Ubuntu)
Importance: Medium
Status: New
** Changed in: ca-certificates (Ubuntu)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ca-certificates in Ubuntu.
https://bugs.launchpad.net/bugs/1824411
Title:
ca-certificates pops a bad debconf prompt on upgrade to disco
Status in ca-certificates package in Ubuntu:
New
Bug description:
On upgrade from cosmic to disco, I get a debconf prompt from ca-
certificates:
New certificates to activate:
mozilla/GlobalSign_Root_CA_-_R6.crt
mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt
Neither of these two new certificates are selected by default.
Looking at the config script, I see that this question is being asked
at critical priority.
It also appears that this is only being asked because ca-
certificates/trust_new_crts is set to 'ask'. This is not a default
setting and I have no memory of setting this, but the debconf database
says this question has been seen. It's possible I did choose this
option at some point despite not having memory of it; though I worry
that since this is a continuously-upgraded system, something picked
this for me at some point in the past due to a bug.
But having decided for 'ask', the UX here is still pretty bad.
- If the package's recommendation (and default behavior) is to enable these
new certs on upgrade, then the debconf prompt should also have them
preselected. Otherwise, this prompt looks like something the package
maintainer is NOT recommending that you do, so then why prompt for it at all.
- Presenting only the certificate filenames is not a great basis for anyone
making a decision about whether or not to enable these certs. If I actually
wanted to manage which certs are enabled, in order to make an informed decision
I would expect to see things like the CN of the cert and possibly some EKU
information, not a filename.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1824411/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
